However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, providing evidence that the appropriate controls are in place and enforced is a requirement of any audit. Investing in selecting the right policies, controls and solutions leads to more successful audits and security that is more reliable.